Yes, and they do it beyond the widest requirements for an ad-supported social media platform. They also are deceptive and evasive about the relationship between the Chinese government and the app developer, Byte Dance Inc.
TikTok also has numerous vulnerabilities and flaws in their coding that exposes user data to hackers with minimum effort. The TikTok SMS messaging feature is extremely vulnerable to enabling malicious attacks by its poor implementation of ‘deep links’ and easily redirected ‘intents’ schema.
Their ad generation servers and advertiser portal have major weaknesses that allow malicious parties to accomplish Cross-Site Scripting, Request Forgery, and Sensitive Data Exposure attacks without the user being aware that their device is the launch-point for attacks on others.